Private Networks, VPN and NAT

Private Networks

A private network is used inside an organization and provides privacy for the traffic within it. Two forms are distinguished: an intranet, which only users inside the organization can reach, and an extranet, an intranet that also admits selected outside users (partners, suppliers, customers).

Addressing: the organization can either obtain a set of addresses from the Internet authorities, or use a set of private addresses without registering with the Internet authorities. The private blocks reserved for the second option are listed in Table 1; they are never routed on the global Internet, so the same block can be reused by any number of organizations.
• Table 1: Addresses for Private Networks

Prefix        Range                             Total
10/8          10.0.0.0 to 10.255.255.255        2^24
172.16/12     172.16.0.0 to 172.31.255.255      2^20
192.168/16    192.168.0.0 to 192.168.255.255    2^16
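As an added example (not part of the original slides), the following Python derives the Range and Total columns of Table 1 from the prefixes alone, and classifies addresses against the three private blocks. It uses only the standard library; the sample addresses are constructed. The check is deliberately restricted to the three Table 1 prefixes rather than using ipaddress's is_private, which also flags loopback, link-local and other special ranges.

```python
import ipaddress

# The three prefixes of Table 1, as network objects.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def block_summary(prefix):
    """Derive Table 1's Range and Total columns from a prefix: (first, last, total)."""
    net = ipaddress.ip_network(prefix)
    return str(net[0]), str(net[-1]), net.num_addresses


def private_block(addr):
    """Return the Table 1 prefix that contains addr, or None if addr lies outside all three.

    Only the Table 1 blocks count here; is_private would also match 127.0.0.0/8,
    169.254.0.0/16 and other special ranges that are not private-network addresses
    in the sense of this table."""
    ip = ipaddress.ip_address(addr)
    for net in PRIVATE_BLOCKS:
        if ip in net:
            return str(net)
    return None


def partition(addrs):
    """Group addresses into {prefix: [addrs]} plus a "global" bucket, e.g. to spot
    private source addresses that should never appear on an Internet-facing link."""
    groups = {str(net): [] for net in PRIVATE_BLOCKS}
    groups["global"] = []
    for a in addrs:
        groups[private_block(a) or "global"].append(a)
    return groups


if __name__ == "__main__":
    for prefix in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        print(prefix, *block_summary(prefix))
    # Constructed sample: the edges of 172.16/12 are where hand-written checks usually go wrong.
    print(partition(["172.16.0.1", "172.31.255.255", "172.32.0.1", "192.168.1.10", "8.8.8.8"]))
```

The 172.16/12 block is the one worth testing at its edges: 172.31.255.255 is private, 172.32.0.1 is not, which a check written as "172.x.x.x" gets wrong.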

VPN – Virtual Private Networks

A technology used mainly by large organizations that use the global Internet for both intra- and inter-organization communication, but require privacy for their intra-organization communication. Three ways to achieve that privacy are compared below: private networks, hybrid networks and virtual private networks.

Private Networks

Small organization: a single isolated LAN with no outside connection is secure from outsiders.
Large organization with several sites: a private internet, i.e. the sites' LANs connected to each other over private links rather than over the public Internet.

Hybrid Networks

Most organizations need privacy in intra-organization data exchange, but also need to be connected to the global Internet for data exchange with other organizations.

Solution: a hybrid network, which keeps private links for intra-organization traffic and adds a connection to the global Internet for public traffic.

Virtual Private Networks

A VPN goes one step further and uses the global Internet for both private and public communication. It is private but virtual:
Private: guarantees privacy inside the organization.
Virtual: does NOT use real private WANs; the network is physically public but virtually private.

VPN Technology

IPSec and Tunneling

A VPN is built on IPSec operating in tunnel mode. Each IP datagram destined for private use inside the organization must be encapsulated in another datagram: the inner datagram carries the private source and destination addresses and is protected by IPSec, while the outer datagram carries the public addresses of the two sites' VPN gateways and is the datagram the global Internet actually routes. Routers on the Internet see only the outer header, so the private addresses, which are not routable on the Internet, are never exposed to it.
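An added illustration (not from the slides) of the encapsulation step just described, in Python: a plain IP-in-IP tunnel, where the inner datagram carries the two sites' private addresses and the outer datagram, protocol number 4 (IP-in-IP), carries the gateways' public addresses. The gateway addresses (203.0.113.1 and 198.51.100.7, taken from the documentation ranges) and the inner hosts and payload are constructed. IPSec tunnel mode wraps the datagram the same way but protects the inner datagram with ESP (encryption and integrity), which is not shown here.

```python
import struct

IPPROTO_IPIP = 4   # outer protocol number when the payload is itself an IPv4 datagram
IPPROTO_UDP = 17


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header):
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0):
    """Minimal IPv4 datagram: 20-byte header without options, followed by payload."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(payload),
                         ident, 0, ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    csum = ipv4_checksum(header)          # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(datagram):
    """Return (src, dst, proto, payload); raise if version or header checksum is wrong."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Summing a header that includes its own checksum must yield zero.
    if ver_ihl >> 4 != 4 or ipv4_checksum(datagram[:ihl]) != 0:
        raise ValueError("not a valid IPv4 header")
    return ip_str(src), ip_str(dst), proto, datagram[ihl:total_len]


def encapsulate(inner, gateway_src, gateway_dst):
    """Tunnel entry: the whole inner datagram becomes the payload of an outer datagram
    addressed between the two gateways' public addresses."""
    return build_ipv4(gateway_src, gateway_dst, IPPROTO_IPIP, inner)


def decapsulate(outer):
    """Tunnel exit: strip the outer header and return the inner datagram's fields."""
    _, _, proto, payload = parse_ipv4(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("outer datagram does not carry a tunneled IP datagram")
    return parse_ipv4(payload)


def header_intact(datagram):
    """True if the header parses and its checksum verifies (catches a transit bit-flip)."""
    try:
        parse_ipv4(datagram)
        return True
    except (ValueError, struct.error):
        return False


def demo():
    # Constructed: host 10.1.0.5 at site 1 sends a UDP datagram to host 10.2.0.9 at site 2.
    inner = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"hello site 2", ident=1)
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.7")   # assumed gateway addresses
    outer_src, outer_dst, outer_proto, _ = parse_ipv4(outer)
    inner_src, inner_dst, inner_proto, data = decapsulate(outer)
    return {
        "outer": (outer_src, outer_dst, outer_proto, len(outer)),
        "inner": (inner_src, inner_dst, inner_proto, data),
    }


if __name__ == "__main__":
    print(demo())
```

The cost of the tunnel is visible in the lengths: a 12-byte payload needs 32 bytes as an inner datagram and 52 bytes on the wire, and IPSec adds its ESP header, trailer and authentication data on top of that, which is why VPN links often need a reduced MTU on the inner path.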

NAT – Network Address Translation

NAT is a technology that allows a site to use a set of private addresses for internal communication and a set of (at least one) global Internet addresses for communication with other sites. The NAT router at the site boundary rewrites addresses as datagrams pass between the two sets.

Address Translation

Outgoing datagrams: the NAT router replaces the private source address with one of its global addresses. Incoming datagrams: it replaces the global destination address with the private address of the host the response belongs to. To know which host that is, the router keeps a translation table.

Translation Table

Three ways of building the table, each supporting more simultaneous connections than the last:
Using one IP address
Using a pool of IP addresses
Using both IP addresses and port numbers

Using One IP Address

The table records only the external (destination) address of each outgoing datagram, so an incoming response can be matched only by its source address. Drawback: at any one time, only one private-network host can access a given external host.

Using a Pool of IP Addresses

Using more than one global address (e.g., four addresses), four private-network hosts can communicate with the same external host at the same time, each through a different global address. Drawbacks:
No more than four connections can be made to the same destination.
No private-network host can access two external server programs (e.g., HTTP and FTP on the same server) at the same time.
Two private-network hosts cannot access the same external server program at the same time.

Using Both IP Addresses and Port Numbers

To allow a many-to-many relationship between private-network hosts and external server programs, more information is needed in the translation table: the port numbers and the transport protocol in addition to the addresses. An incoming response is then matched by the combination of its source (external) address and destination port, so two private hosts can use the same external server program at the same time as long as their port numbers differ.

• Table 2: Five-column translation table

Private Address   Private Port   External Address   External Port   Transport Protocol
…                 1400           …                  80              TCP
…                 1401           …                  80              TCP
…                 …              …                  …               …
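An added example (not from the slides) that simulates two of the three strategies above over a constructed packet stream in Python: the one-address table keyed on the external address, which reproduces the drawback noted for that strategy, and the five-column table of Table 2. It goes slightly beyond the slide in one respect: the NAT also picks its own global source port and stores it as a sixth column, so two private hosts that use the same private port toward the same server do not collide. All addresses (10.0.0.x private hosts, 198.51.100.1 as the NAT's global address, 203.0.113.80 as the external web server) are constructed.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    proto: str = "TCP"


class OneAddressNAT:
    """Strategy 1: one global address, table keyed by external address only.
    A reply can be matched by its source address alone, so two private hosts cannot
    talk to the same external host at the same time."""

    def __init__(self, global_addr):
        self.global_addr = global_addr
        self.table = {}   # external address -> private address

    def outbound(self, pkt):
        owner = self.table.get(pkt.dst_addr)
        if owner is not None and owner != pkt.src_addr:
            return None   # external host already in use by another private host: cannot translate
        self.table[pkt.dst_addr] = pkt.src_addr
        return replace(pkt, src_addr=self.global_addr)

    def inbound(self, pkt):
        private = self.table.get(pkt.src_addr)
        return None if private is None else replace(pkt, dst_addr=private)


class NAPT:
    """Strategy 3: one global address plus port numbers. Rows carry the five columns of
    Table 2 (private address, private port, external address, external port, protocol)
    plus the global port the NAT assigned, so private port collisions are harmless."""

    def __init__(self, global_addr, first_port=40000):
        self.global_addr = global_addr
        self.next_port = first_port
        self.table = {}     # five-column key -> global port
        self.reverse = {}   # (global port, external addr, external port, proto) -> (private addr, private port)

    def outbound(self, pkt):
        key = (pkt.src_addr, pkt.src_port, pkt.dst_addr, pkt.dst_port, pkt.proto)
        gport = self.table.get(key)
        if gport is None:
            gport, self.next_port = self.next_port, self.next_port + 1
            self.table[key] = gport
            self.reverse[(gport, pkt.dst_addr, pkt.dst_port, pkt.proto)] = (pkt.src_addr, pkt.src_port)
        return replace(pkt, src_addr=self.global_addr, src_port=gport)

    def inbound(self, pkt):
        if pkt.dst_addr != self.global_addr:
            return None
        hit = self.reverse.get((pkt.dst_port, pkt.src_addr, pkt.src_port, pkt.proto))
        if hit is None:
            return None   # no matching row: unsolicited inbound traffic has nowhere to go
        return replace(pkt, dst_addr=hit[0], dst_port=hit[1])


def demo():
    """Two private hosts open connections to the same external web server, both from port 1400."""
    a = Packet("10.0.0.11", 1400, "203.0.113.80", 80)
    b = Packet("10.0.0.12", 1400, "203.0.113.80", 80)
    one = OneAddressNAT("198.51.100.1")
    one.outbound(a)
    one_b = one.outbound(b)                     # second host is refused
    napt = NAPT("198.51.100.1")
    out_a, out_b = napt.outbound(a), napt.outbound(b)
    reply_to_b = Packet("203.0.113.80", 80, out_b.src_addr, out_b.src_port)
    back = napt.inbound(reply_to_b)
    stray = napt.inbound(Packet("192.0.2.9", 4444, "198.51.100.1", 22))   # constructed unsolicited scan
    return {
        "one_address_second_host": one_b,
        "napt_ports": (out_a.src_port, out_b.src_port),
        "reply_delivered_to": (back.dst_addr, back.dst_port),
        "unsolicited": stray,
    }


if __name__ == "__main__":
    print(demo())
```

The inbound path returns None for any datagram without a matching row, which is why hosts behind a NAT are not directly reachable from outside. That is a side effect of the translation table, not an access-control policy: the table is populated by whatever the inside hosts initiate, so NAT is no substitute for a firewall.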


